Bug#950535: iptables-restore segfaults on nat table

2020-02-03 Thread Christoph Martin
Package: iptables Version: 1.8.2-4 Severity: grave Dear Maintainer, after updating from stretch to buster ufw failed to work. We have nat-table entries for PREROUTING and POSTROUTING. iptables-restore segfaults on these rules. The following rules lead to the error: *nat -F PREROUTING -A PRERO

Bug#950535: iptables-restore segfaults on nat table

2020-02-11 Thread Bernhard Übelacker
Dear Maintainer, I tried to collect some more information and got the following backtrace with the restore command from the submitter. It looks like "expr->ops" contains a null pointer that gets dereferenced. Unfortunately I still see the same crash after upgrading to the versions in backports in

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-13 Thread Alberto Molina Coballes
Control: tag -1 moreinfo Hi Christoph, Is this ruleset a real one obtained from ufw? I ask because the next one doesn't result in segfault: *nat -F PREROUTING -F POSTROUTING -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 COMMIT I don't understand the rule "-F PREROUTING" af

Processed: Re: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-13 Thread Debian Bug Tracking System
Processing control commands: > tag -1 moreinfo Bug #950535 [iptables] iptables-restore segfaults on nat table Added tag(s) moreinfo. -- 950535: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950535 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-13 Thread Christoph Martin
Hi Alberto, On 13.02.20 at 10:11, Alberto Molina Coballes wrote: > I don't understand the rule "-F PREROUTING" after a "-A ..." one. It > seems that the segfault happens in this specific case (it's a bug of > course, but not a bug with grave severity). I choose the grave severity because the bug

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-13 Thread Christoph Martin
Hi Alberto, On 13.02.20 at 10:11, Alberto Molina Coballes wrote: > > Is this ruleset a real one obtained from ufw? I ask because the next one > doesn't result in segfault: > > *nat > -F PREROUTING > -F POSTROUTING > -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 > COMMIT >

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-13 Thread Alberto Molina Coballes
On Thu, Feb 13, 2020 at 11:05:13AM +0100, Christoph Martin wrote: > > I choose the grave severity because the bug makes a reload of ufw fail > and then the firewall is off ! > Yes, I agree with you that it's a serious situation, but we have to determine if it's a general case of iptables (which

Processed: Re: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-17 Thread Debian Bug Tracking System
Processing control commands: > forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1407 Bug #950535 [iptables] iptables-restore segfaults on nat table Set Bug forwarded-to-address to 'https://bugzilla.netfilter.org/show_bug.cgi?id=1407'. > severity -1 normal Bug #950535 [iptables] iptable

Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table

2020-02-17 Thread Alberto Molina Coballes
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1407 Control: severity -1 normal Hi Christoph, I'm quoting an email from Jamie Strandboge, who is both the maintainer in Debian and the creator of ufw, and has kindly replied to my question about this bug: [quote] ... These rules